securing-container-registry-images

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly scans and ingests arbitrary container images and their scan/SBOM outputs from public registries (see SKILL.md examples like "trivy image ... 123456789012.dkr.ecr.../myapp:latest" and the scripts/agent.py functions scan_image_trivy, generate_sbom, and get_ecr_scan_findings), and it parses vulnerability descriptions and SBOM/package data that are used in audit reports and CI gating decisions, so untrusted third-party content can materially influence actions.